Daniel Brame

ESET Endpoint Protection Standard

ESET Endpoint Protection is aimed squarely at business customers and delivers excellent overall detection rates at a very nice price. While it has some trouble with phishing attacks, it still leads the pack in overall protection, including anti-ransomware, and is an easy pick for an Editors' Choice award.

ESET Endpoint Protection Standard (which begins at $165 per year for five devices) extends the already popular endpoint protection product with Remote Administrator, a web-based and centralized management console for monitoring and controlling each of your endpoint devices. The Endpoint Protection Advanced license provides some more functionality by adding network protection features such as a software firewall and network attack protection. While it has some weaknesses when it comes to antiphishing functionality, ESET Endpoint Protection Standard was, overall, an excellent product and an easy selection for our Editors' Choice award in the endpoint protection category, along with competitor Bitdefender GravityZone Elite.

However, another category where ESET wins our Editors' Choice designation is in business-grade ransomware protection. Here, it did exceptionally well in alerting users of suspicious activity as long as its ESET LiveGrid feature is enabled.

ESET Endpoint Protection Standard runs on Android, iOS, Linux, Mac, and Windows platforms, with full-feature parity across all of the desktop versions. Its iOS functionality, however, is limited to mobile device management (MDM) operations due to platform limitations. Remote Administrator can be deployed on premises or in a private cloud. Hosting by ESET is only available upon request since it is still in an early-access phase. A 30-day free trial is available on the company's website.

Installation and User Interface

If you're using ESET Endpoint Protection Standard's Cloud Administrator, then a special version of Remote Administrator is set up for you. If you opt to use it in a private cloud, then you'll need to deploy it to Microsoft's Hyper-V or VMware's ESXi hypervisors or to Amazon Web Services (AWS), Microsoft Azure, or another public cloud system capable of hosting virtual infrastructure. Regardless of which deployment path you take, the setup is painless. Once live, Remote Administrator can be accessed via any standard web browser. For the simplest install, the only requirement is a new password, license information, and an optional static Internet Protocol (IP) address.

The first order of business is to add some devices; there are several ways to do this. One is to look at "rogue computers" on the network, which are defined as systems that are not currently managed by ESET Endpoint Protection Standard. You can generate an installer for each such system which, once run, will install and register the client computer with Remote Administrator. That causes it to be reflected on the Computers tab and the Dashboard. You can configure various default groupings for the PCs you're managing via a set of customizable filters, and you can add new filters and static groups for even more structure.

A Variety of Useful Reports

Once all of your devices are registered, you can choose to assign a policy to each device group. Such policies will override the default ESET Endpoint Protection Standard configuration so plan carefully. This is a flexible option and allows configuration of antivirus, update settings, personal firewall, web and email scanning, device control, and other tools. While most of these are straightforward and self-explanatory, I did find the device control dialog a bit clunky, though it does begin to make sense after a minute or two of clicking around.

After collecting enough data, the Dashboard begins to light up with useful information. There are several tabs across the top that show an overview of connected computers, the Remote Administrator Server, current antivirus threats, and firewall threats. Each ring graph is clickable into a drilldown that gives detailed information. Threats, for example, can be drilled down to the system level, and each threat can be reviewed for the action taken and marked as resolved.

The Reporting module is also excellent. It contains enough detailed reports to satisfy the needs of a security audit but not so much that it's too overwhelming to set up. Each report comes with a quick preview as well. The type of threats, modules utilized, and actions taken are all detailed out so that it is easy to follow. A full audit log of changes made on Remote Administrator is available when it becomes necessary to prove the "who and when" of policy changes.

Ransomware Protection for Business

Since ransomware has been a major point of concern, ESET Endpoint Protection Standard also brings a number of specific features to keep your systems from becoming infected. Assuming ESET LiveGrid, which uses a worldwide database of user-submitted suspicious application samples, is enabled, the desktop app will prompt you if something tries to suspiciously modify your personal data. You're prompted to enable ESET LiveGrid at installation, and it's basically a feature that transmits new or suspected malware activity on your PC directly to ESET where the company's analysts can process it and add it to the overall threat database. Participation is optional, but since it's helping keep you more secure in the long run, we'd recommend enabling it.

If ESET flags something as ransomware, you'll have the option of letting it continue or shutting it down where it stands. By participating in ESET LiveGrid, even unknown apps will gain a reputation and allow the system as a whole to function better for all users. Bitdefender GravityZone Elite, F-Secure Protection Service for Business, and Panda Security Adaptive Defense 360 offer similar mechanisms in their products.

ESET Endpoint Protection Standard also provides an excellent exploit blocker. The exploit blocker will help prevent apps from inappropriately gaining administrative privileges or taking advantage of bugs in apps to gain access to your system.

Testing

I began with a simple malware detection test, by extracting 142 fresh malware samples onto the desktop. Only the default settings were used. Every single one of the malicious apps was detected immediately after being extracted. No execution was necessary for ESET Endpoint Protection Standard to detect them as threats. A desktop alert was triggered, and the threat notification followed via email a few minutes later. The shared folder from which the payloads were copied was also cleaned in the process.

Like Webroot SecureAnywhere Business Endpoint Protection, ESET Endpoint Protection Standard had some trouble with phishing attacks. To evaluate the antiphishing capabilities, I used a set of 10 newly reported phishing websites from PhishTank, an open community that reports known and suspected phishing websites. In this test, six out of 10 websites were caught by ESET Endpoint Protection Standard. I would have wanted a slightly better result here since many of the phishing websites presented were obvious fake log-in sites for PayPal and bank websites.

To test ESET Endpoint Protection Standard's response to ransomware, I used a set of 44 ransomware samples, including WannaCry. None of the samples made it past extraction from the ZIP file. This is not terribly surprising since each of the samples has a known signature. That being said, the response was swift and severe. The executables were promptly flagged as ransomware and removed from disk. RanSim, KnowBe4's ransomware simulator, was also flagged as a ransomware instance. Since it's likely these were picked up via known signatures, I proceeded with a more direct approach by simulating an active attacker.

All Metasploit tests were conducted using the default settings of the product. Since none of them succeeded, I felt confident in skipping any settings of a more aggressive nature. First, I used Rapid7's Metasploit Framework to set up an AutoPwn2 server designed to exploit the browser. This launches a series of attacks that are known to succeed on common browsers such as Firefox and Microsoft Internet Explorer. ESET Endpoint Protection Standard correctly detected each exploit and canceled the attack, which means it performed at or above expectations.

The next test used a macro-enabled Microsoft Word document. Inside of the document was an encoded app that a Microsoft Visual Basic Script (VBScript) would then decode and attempt to launch. This can often be a tricky condition to detect when various masking and encryption techniques are used, but ESET was quickly able to shut down the attack before it ran.

Next, I tested a social engineering-based attack. In this scenario, the user downloads a compromised installer of open-source File Transfer Protocol (FTP) tool FileZilla using Shellter. Upon execution, the file will trigger a Meterpreter session and call back to the attacking system. But ESET swiftly detected this attack, too, and blocked it.

In terms of independent lab results, MRG-Effitas included ESET Internet Security 2018, which uses the same engine, in their Q1 2018 360 Degree Assessment & Certification paper. Much like the previous test, it failed the test but only missed about 0.6 percent of the samples used. It's worth noting that some significant updates have been made since then so these results may have changed. AV-Comparatives also notes that ESET Endpoint Protection Standard was able to block 98.4 percent of tested malware samples during their Real-World Protection Test in October 2017.

Final Thoughts

Overall, ESET Endpoint Protection Standard is a powerful and well-designed endpoint protection product. The hosted Remote Administrator feature works excellently, and the product delivers in spades from a threat detection standpoint. ESET strikes a nice balance between being easy to use without sacrificing configurability. With a competitive price of $165 per year for five devices (or $33 per device), ESET Endpoint Protection Standard offers significant value despite a few minor annoyances. That said, road warriors will want to spring for Endpoint Protection Advanced licenses for the software firewall.
